Splunk Enterprise Vulnerability: Arbitrary JavaScript Code Execution in Browser Context
CVE-2024-36997
4.6 MEDIUM
Key Information:
- Vendor: Splunk
- CVE Published: 1 July 2024
Summary
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.
Affected Version(s)
Splunk Cloud Platform 9.1.2312 < 9.1.2312.100
Splunk Enterprise 9.2 < 9.2.2
Splunk Enterprise 9.1 < 9.1.5
References
CVSS V3.1
Score: 4.6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
STÖK / Fredrik Alexandersson